{{- if eq .Values.installMode "host" }} {{- $name := include "karmada.name" . -}} --- apiVersion: apps/v1 kind: Deployment metadata: name: {{ $name }}-aggregated-apiserver namespace: {{ include "karmada.namespace" . }} labels: {{- include "karmada.aggregatedApiServer.labels" . | nindent 4 }} spec: selector: matchLabels: {{- include "karmada.aggregatedApiServer.labels" . | nindent 6 }} replicas: {{ .Values.aggregatedApiServer.replicaCount }} {{- with .Values.aggregatedApiServer.strategy }} strategy: {{- toYaml . | nindent 4 }} {{- end }} template: metadata: {{- with .Values.aggregatedApiServer.podAnnotations }} annotations: {{- toYaml . | nindent 8 }} {{- end }} labels: {{- include "karmada.aggregatedApiServer.labels" . | nindent 8 }} {{- include "karmada.aggregatedApiServer.podLabels" . | nindent 8 }} spec: {{- include "karmada.aggregatedApiServer.imagePullSecrets" . | nindent 6 }} automountServiceAccountToken: false initContainers: {{- include "karmada.initContainer.waitStaticResource" . | nindent 8 }} containers: - name: {{ $name }}-aggregated-apiserver image: {{ template "karmada.aggregatedApiServer.image" . }} imagePullPolicy: {{ .Values.aggregatedApiServer.image.pullPolicy }} volumeMounts: {{- include "karmada.kubeconfig.volumeMount" . | nindent 12 }} - name: etcd-cert mountPath: /etc/etcd/pki readOnly: true - name: apiserver-cert mountPath: /etc/kubernetes/pki readOnly: true command: - /bin/karmada-aggregated-apiserver - --kubeconfig=/etc/kubeconfig - --authentication-kubeconfig=/etc/kubeconfig - --authorization-kubeconfig=/etc/kubeconfig {{- if eq .Values.etcd.mode "external" }} - --etcd-cafile=/etc/etcd/pki/ca.crt - --etcd-certfile=/etc/etcd/pki/tls.crt - --etcd-keyfile=/etc/etcd/pki/tls.key - --etcd-servers={{ .Values.etcd.external.servers }} - --etcd-prefix={{ .Values.etcd.external.registryPrefix }} {{- end }} {{- if eq .Values.etcd.mode "internal" }} - --etcd-cafile=/etc/etcd/pki/server-ca.crt - --etcd-certfile=/etc/etcd/pki/karmada.crt - --etcd-keyfile=/etc/etcd/pki/karmada.key - --etcd-servers=https://etcd-client.{{ include "karmada.namespace" . }}.svc.{{ .Values.clusterDomain }}:2379 {{- end }} - --tls-cert-file=/etc/kubernetes/pki/karmada.crt - --tls-private-key-file=/etc/kubernetes/pki/karmada.key - --audit-log-path=- - --audit-log-maxage=0 - --audit-log-maxbackup=0 - --tls-min-version=VersionTLS13 resources: {{- toYaml .Values.aggregatedApiServer.resources | nindent 12 }} readinessProbe: httpGet: path: /readyz port: 443 scheme: HTTPS initialDelaySeconds: 1 periodSeconds: 3 timeoutSeconds: 15 livenessProbe: httpGet: path: /healthz port: 443 scheme: HTTPS initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 15 {{- with .Values.aggregatedApiServer.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.aggregatedApiServer.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.aggregatedApiServer.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} priorityClassName: {{ .Values.aggregatedApiServer.priorityClassName }} volumes: {{- include "karmada.kubeconfig.volume" . | nindent 8 }} - name: apiserver-cert secret: secretName: {{ $name }}-cert - name: etcd-cert secret: {{- if eq .Values.etcd.mode "internal" }} secretName: {{ $name }}-cert {{- end }} {{- if eq .Values.etcd.mode "external" }} secretName: {{ $name }}-external-etcd-cert {{- end }} --- apiVersion: v1 kind: Service metadata: name: {{ $name }}-aggregated-apiserver namespace: {{ include "karmada.namespace" . }} labels: {{- include "karmada.aggregatedApiServer.labels" . | nindent 4 }} spec: ports: - port: 443 protocol: TCP targetPort: 443 selector: {{- include "karmada.aggregatedApiServer.labels" . | nindent 4 }} {{ if and .Values.aggregatedApiServer .Values.aggregatedApiServer.podDisruptionBudget }} --- apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ $name }}-aggregated-apiserver namespace: {{ include "karmada.namespace" . }} labels: {{- include "karmada.aggregatedApiServer.labels" . | nindent 4 }} spec: selector: matchLabels: {{- include "karmada.aggregatedApiServer.labels" . | nindent 6 }} {{ toYaml .Values.aggregatedApiServer.podDisruptionBudget | nindent 2 }} {{- end -}} {{- end }}